<?php

session_start();

use evertcode\Util as Tools;

require_once("../lib/class.server.php");
require_once("../lib/dbutil.inc.php");
require_once ('../lib/class.util.php');
require_once("../lib/class.inputfilter.php");

$tools = new Tools();

new Acceso();

class Acceso {

    private $cnx = NULL;
    private $filter = NULL;

    public function __construct() {
        $this->cnx = new cDB();
        $this->filter = new InputFilter();
        $this->conectar();
        $this->filter();
        $this->procesar();
    }

    private function filter() {
        $_POST = $this->filter->process($_POST);
        $_POST = $this->filter->safeSQL($_POST, $this->cnx->link);
        $_GET = $this->filter->process($_GET);
        $_GET = $this->filter->safeSQL($_GET, $this->cnx->link);
        $_REQUEST = $this->filter->process($_REQUEST);
        $_REQUEST = $this->filter->safeSQL($_REQUEST, $this->cnx->link);
    }

    public function __destruct() {
        $this->cnx->Disconnect();
        $this->filter = NULL;
    }

    private function conectar() {
        global $server;
        $this->cnx->Connect($server['server'], $server['db'], $server['user'], $server['pass']);
    }

    private function procesar() {

        if (filter_has_var(INPUT_POST, 'login')/* isset($_POST['login']) */) {
            echo $this->access(filter_input(INPUT_POST, 'usuario'), filter_input(INPUT_POST, 'password')/* $_POST['usuario'], $_POST['password'] */);
        } elseif (filter_input(INPUT_POST, 'info')/* isset($_POST['info']) */) {
            echo $this->getAdministrador();
        } else {
            echo json_encode(array("success" => -1, "msg" => "Error, los campos son requeridos."));
        }

        if (isset($_POST) && count($_POST) > 0) {
            exit();
        }
    }

    private function getAdministrador() {
        return json_encode($_SESSION);
    }

    private function access($usuario, $password) {
        global $tools;
        $QUERY = <<<SQLF
		SELECT * FROM usuarios a 
                       WHERE a.user = '$usuario' 
                           AND (a.password= '$password' OR a.password = MD5('$password'))
SQLF;
        if ($this->cnx->Query($QUERY)) {
            if ($fila = $this->cnx->First()) {

                $_SESSION['userAgent'] = md5(filter_input(INPUT_SERVER, 'HTTP_USER_AGENT')/* $_SERVER['HTTP_USER_AGENT'] */);
                $_SESSION['IPaddress'] = md5($tools->ExtractUserIpAddress());

                $_SESSION["authenticate"] = "1-eC";
                $_SESSION["nombre"] = $fila['user'];
                return json_encode(array("success" => 1, "message" => "Usuario existente."));
            } else {
                return json_encode(array("success" => 0, "message" => "Error, usuario o contraseña son erroneos.", "sql" => $QUERY));
            }
        } else {
            return json_encode(array("success" => 0, "message" => "Error, :)"));
        }
    }

}

?>
